package cn.com.shopec.erp.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

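/**
 * Servlet filter that guards against cross-site request forgery (CSRF) by requiring
 * every filtered request to carry an {@code ssid} parameter equal to the caller's
 * current HTTP session id (a double-submit style check). Requests that fail the
 * check never reach the target resource; they are redirected to an error page.
 *
 * <p>Design caveat: the session id itself serves as the CSRF token, so it travels
 * in request parameters and can end up in access logs, browser history and
 * {@code Referer} headers. A dedicated per-session random token would avoid that
 * exposure while providing the same protection.
 *
 * <p>NOTE(review): the filter mapping must not cover the error page itself,
 * otherwise a rejected request is redirected in a loop — confirm against the
 * deployment descriptor, which is not visible here.
 */
public class SessionFilter implements Filter {

	private static final Log log = LogFactory.getLog(SessionFilter.class);

	/** Request parameter carrying the client's copy of the session id. */
	private static final String TOKEN_PARAMETER = "ssid";

	/** Redirect target used when the token check fails and no init-param overrides it. */
	private static final String DEFAULT_ERROR_PAGE = "/system/error";

	/** Optional init-param that overrides {@link #DEFAULT_ERROR_PAGE}. */
	private static final String ERROR_PAGE_PARAMETER = "errorPage";

	// Written once in init(), which the container runs before dispatching any request.
	private String errorPage = DEFAULT_ERROR_PAGE;

	/**
	 * Passes the request down the chain only when its {@code ssid} parameter matches the
	 * id of an already-established session; otherwise redirects to the error page.
	 *
	 * @param servletrequest  incoming request, expected to be an {@link HttpServletRequest}
	 * @param servletresponse outgoing response, expected to be an {@link HttpServletResponse}
	 * @param filterchain     remaining filter chain, invoked only on a successful check
	 * @throws IOException      if the redirect or downstream processing fails
	 * @throws ServletException if downstream processing fails
	 */
	@Override
	public void doFilter(ServletRequest servletrequest, ServletResponse servletresponse, FilterChain filterchain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletrequest;
		HttpServletResponse response = (HttpServletResponse) servletresponse;
		// getSession(false): a request without a session cannot carry a valid token, and
		// creating a brand-new session as a side effect of a rejected request is wasteful.
		HttpSession session = request.getSession(false);
		String clientToken = request.getParameter(TOKEN_PARAMETER);
		if (session != null && tokensMatch(session.getId(), clientToken)) {
			filterchain.doFilter(request, response);
			return;
		}
		// Log the path only; the session id and the submitted token are secrets and
		// getRequestURI() excludes the query string that would carry them.
		if (log.isWarnEnabled()) {
			log.warn("Rejected request to " + request.getRequestURI() + ": missing or mismatched session token");
		}
		response.sendRedirect(errorPage);
	}

	/**
	 * Compares the expected and submitted tokens in constant time so that response timing
	 * does not reveal how many leading characters matched.
	 *
	 * @param expected the server-side session id, never {@code null}
	 * @param actual   the token sent by the client, may be {@code null}
	 * @return {@code true} only when the client token is present and byte-for-byte equal
	 */
	private static boolean tokensMatch(String expected, String actual) {
		if (actual == null) {
			return false;
		}
		return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
	}

	/** Nothing to release: the filter holds no resources beyond its configuration. */
	@Override
	public void destroy() {
	}

	/**
	 * Reads the optional {@code errorPage} init-param; a missing or blank value keeps the
	 * default {@code /system/error} so existing deployments behave as before.
	 *
	 * @param arg0 filter configuration supplied by the container
	 * @throws ServletException never thrown here; declared by the {@link Filter} contract
	 */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
		String configured = arg0 == null ? null : arg0.getInitParameter(ERROR_PAGE_PARAMETER);
		if (configured != null && !configured.trim().isEmpty()) {
			errorPage = configured.trim();
		}
	}

}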